Sunday, 22 February 2015

CIA Triad Explained

The Confidentiality, Integrity, Availability (CIA) triad is a security policy model.


Confidentiality: Confidentiality means protecting information at rest or in transit from unauthorized access, so that it is available only to authorized users. Encryption ensures the confidentiality of information. Access controls and passwords can also be used to protect the data. The following are common attacks on confidentiality:
Passive Attacks:
Dumpster Diving
Social Engineering
Active Attacks:
Password attacks like brute force
Using keyloggers

Integrity: Integrity ensures the trustworthiness of information. Information must remain unchanged throughout its life, protected from both intentional and accidental modification. Integrity of information can be achieved by hashing and encryption. Integrity can be verified by using checksums.
Common attacks on Integrity are:
Data Diddling Attacks
Salami Attacks
Man-In-The-Middle Attacks
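
An added example (not from the original post) of the checksum verification described above, in Python. It goes beyond the text by also comparing a plain SHA-256 checksum with a keyed HMAC, to show why a checksum that travels with the data does not stop a man-in-the-middle. The record, key and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample record and shared key (assumptions for this example).
ORIGINAL = b"transfer id=1001 to=ACCT-42 amount=100.00"
SHARED_KEY = b"example-key-for-demo-only"  # known only to sender and receiver


def checksum(data: bytes) -> str:
    """Unkeyed SHA-256 checksum: anyone holding the data can compute it."""
    return hashlib.sha256(data).hexdigest()


def mac(data: bytes, key: bytes = SHARED_KEY) -> str:
    """Keyed HMAC-SHA256 tag: computing it requires the shared key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    # compare_digest avoids leaking the mismatch position through timing.
    return hmac.compare_digest(checksum(data), expected)


def verify_mac(data: bytes, tag: str, key: bytes = SHARED_KEY) -> bool:
    return hmac.compare_digest(mac(data, key), tag)


def demo() -> dict:
    sent_sum, sent_tag = checksum(ORIGINAL), mac(ORIGINAL)
    altered = ORIGINAL.replace(b"100.00", b"900.00")
    return {
        # Unmodified data verifies against its checksum.
        "intact": verify_checksum(ORIGINAL, sent_sum),
        # Data changed, trusted checksum kept elsewhere: change is detected.
        "altered_vs_trusted_checksum": verify_checksum(altered, sent_sum),
        # Data and checksum replaced together in transit: the receiver
        # accepts the altered record, so the checksum gave no protection.
        "altered_with_replaced_checksum": verify_checksum(altered, checksum(altered)),
        # Same change under HMAC: without the key no valid tag can be made
        # for the altered data, so the original tag fails to verify.
        "altered_vs_hmac_tag": verify_mac(altered, sent_tag),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

A checksum detects modification only when the reference value comes from a source the modifier cannot change; a keyed tag removes that dependency for data in transit.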

Availability: Availability ensures that data is available to authorized users at any point in time. Redundancy, backups, a DRP (Disaster Recovery Plan) and HA (High Availability) clusters help in maintaining the availability of information.
Attacks on availability are:
DoS (Denial of Service)
DDoS (Distributed Denial of Service)


